Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
11/10/2022, 00:13
Static task
static1
Behavioral task
behavioral1
Sample
13619f1852111ddb9f7ab75fd5469c7d34ae7b43e12b6f67624f5fd27dd4c7a8.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
13619f1852111ddb9f7ab75fd5469c7d34ae7b43e12b6f67624f5fd27dd4c7a8.dll
Resource
win10v2004-20220812-en
General
-
Target
13619f1852111ddb9f7ab75fd5469c7d34ae7b43e12b6f67624f5fd27dd4c7a8.dll
-
Size
160KB
-
MD5
7d2a383d85c560e3598dbc7f0b41bf38
-
SHA1
6610aca6cb5adfc76895b183540e787ce3ef5725
-
SHA256
13619f1852111ddb9f7ab75fd5469c7d34ae7b43e12b6f67624f5fd27dd4c7a8
-
SHA512
ce397605d064d728e78018d5be310982b552bccff7b93cf80e243bb3f1b186f64ccca48bdee093a9329cb39cbacc47b9bd4e617d4337201ec26e52ea5f73e28c
-
SSDEEP
3072:5ibTTp78CcWfJkicFUQRIpvKQecm8ABDNHX:KT14pU8IpvKQJaDxX
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 4468 rundll32mgr.exe 1588 WaterMark.exe -
resource yara_rule behavioral2/memory/4468-137-0x0000000000400000-0x0000000000426000-memory.dmp upx behavioral2/memory/1588-145-0x0000000000400000-0x0000000000426000-memory.dmp upx behavioral2/memory/1588-148-0x0000000000400000-0x0000000000426000-memory.dmp upx behavioral2/memory/1588-149-0x0000000000400000-0x0000000000426000-memory.dmp upx -
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\rundll32mgr.exe rundll32.exe -
Drops file in Program Files directory 3 IoCs
description ioc Process File created C:\Program Files (x86)\Microsoft\WaterMark.exe rundll32mgr.exe File opened for modification C:\Program Files (x86)\Microsoft\WaterMark.exe rundll32mgr.exe File opened for modification C:\Program Files (x86)\Microsoft\pxF5EE.tmp rundll32mgr.exe -
Program crash 2 IoCs
pid pid_target Process procid_target 340 2752 WerFault.exe 82 228 2348 WerFault.exe 86 -
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30989591" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4234318415" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "372219739" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1EE210CD-490B-11ED-AECB-4A8324823CC0} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4096819064" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30989591" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30989591" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30989591" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4096819064" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4234318415" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1ED8857B-490B-11ED-AECB-4A8324823CC0} = "0" iexplore.exe -
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid Process 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe 1588 WaterMark.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1588 WaterMark.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 4200 iexplore.exe 1964 iexplore.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 1964 iexplore.exe 1964 iexplore.exe 4200 iexplore.exe 4200 iexplore.exe 1924 IEXPLORE.EXE 1924 IEXPLORE.EXE 4236 IEXPLORE.EXE 4236 IEXPLORE.EXE 1924 IEXPLORE.EXE 1924 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 28 IoCs
description pid Process procid_target PID 4248 wrote to memory of 2752 4248 rundll32.exe 82 PID 4248 wrote to memory of 2752 4248 rundll32.exe 82 PID 4248 wrote to memory of 2752 4248 rundll32.exe 82 PID 2752 wrote to memory of 4468 2752 rundll32.exe 83 PID 2752 wrote to memory of 4468 2752 rundll32.exe 83 PID 2752 wrote to memory of 4468 2752 rundll32.exe 83 PID 4468 wrote to memory of 1588 4468 rundll32mgr.exe 84 PID 4468 wrote to memory of 1588 4468 rundll32mgr.exe 84 PID 4468 wrote to memory of 1588 4468 rundll32mgr.exe 84 PID 1588 wrote to memory of 2348 1588 WaterMark.exe 86 PID 1588 wrote to memory of 2348 1588 WaterMark.exe 86 PID 1588 wrote to memory of 2348 1588 WaterMark.exe 86 PID 1588 wrote to memory of 2348 1588 WaterMark.exe 86 PID 1588 wrote to memory of 2348 1588 WaterMark.exe 86 PID 1588 wrote to memory of 2348 1588 WaterMark.exe 86 PID 1588 wrote to memory of 2348 1588 WaterMark.exe 86 PID 1588 wrote to memory of 2348 1588 WaterMark.exe 86 PID 1588 wrote to memory of 2348 1588 WaterMark.exe 86 PID 1588 wrote to memory of 4200 1588 WaterMark.exe 90 PID 1588 wrote to memory of 4200 1588 WaterMark.exe 90 PID 1588 wrote to memory of 1964 1588 WaterMark.exe 91 PID 1588 wrote to memory of 1964 1588 WaterMark.exe 91 PID 1964 wrote to memory of 4236 1964 iexplore.exe 93 PID 1964 wrote to memory of 4236 1964 iexplore.exe 93 PID 1964 wrote to memory of 4236 1964 iexplore.exe 93 PID 4200 wrote to memory of 1924 4200 iexplore.exe 92 PID 4200 wrote to memory of 1924 4200 iexplore.exe 92 PID 4200 wrote to memory of 1924 4200 iexplore.exe 92
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\13619f1852111ddb9f7ab75fd5469c7d34ae7b43e12b6f67624f5fd27dd4c7a8.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4248 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\13619f1852111ddb9f7ab75fd5469c7d34ae7b43e12b6f67624f5fd27dd4c7a8.dll,#12⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2752 -
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4468 -
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1588 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe5⤵PID:2348
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 2046⤵
- Program crash
PID:228
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4200 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4200 CREDAT:17410 /prefetch:26⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1924
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17410 /prefetch:26⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4236
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 6123⤵
- Program crash
PID:340
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2752 -ip 27521⤵PID:4500
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2348 -ip 23481⤵PID:1592
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
120KB
MD5186a45a9b3189fdb56d59479d6f5fa85
SHA18be5be86d5aba4b3e6f4af077a25bdc9d1de6610
SHA256bf449f575154998c7449749da4175c377aa6f617f82effc079c85dd5e7df8743
SHA512bcfa06d1084d889cd3b5b3f5f5941af1e0fcdec850213a00bba709545b8f20b1acdbd480b5bc038e5010fce3f4a8ce972a6cc1e00a5012921cdc6b663daac0b7
-
Filesize
120KB
MD5186a45a9b3189fdb56d59479d6f5fa85
SHA18be5be86d5aba4b3e6f4af077a25bdc9d1de6610
SHA256bf449f575154998c7449749da4175c377aa6f617f82effc079c85dd5e7df8743
SHA512bcfa06d1084d889cd3b5b3f5f5941af1e0fcdec850213a00bba709545b8f20b1acdbd480b5bc038e5010fce3f4a8ce972a6cc1e00a5012921cdc6b663daac0b7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5fceed7a5f76725fb398c6a91ff552899
SHA1237aec000ae7c7c35a639664b1ad6c0d842a0749
SHA2562888c66a6908f10474313b2fef31aeeff40cffe1bcbd19b84b29334ff6a71383
SHA512adfba4e72523d38395c13122d6498d9b48d93b2967858f0208549e3830c9b47ee3e98249b98fe585aeeeffe491a6985a98c80a3be581abccf4239bad4d1cdef3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD561725f56edccca2ace5eff6848ae843d
SHA1314e17d27be644cd78e5b5ea39da5bfc78a2e0ca
SHA256460bb6c4239ef8d60a9e71f6c13f1d78cfa1b35e66b8db53fdb8117bc5ba352f
SHA512449a33e9f296ae6396a51e92d6eb5cf1157b8322c59d072079743b73f337dd84b224555076f37649d2d315dde70b534a419cb25c4dc8b25d0bec23141ec7fe7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD553ea206c8383a4ed299cbf21daf3315f
SHA1cc0259c4fc55b017e9cc2790b3e6b9cb4dcca7c2
SHA256946a77c1ebcdd4ed52e35f3c59bd08b5458a30c41329523f6b71c1ee6da05f87
SHA512fec96cbff7b5e372a2b43fdfc3024ad0c3c871605c57a1bd04986696f84b8a0c7df0ccfa1fa97878edaf13a64321a2db86006b76d014f0f582b421e5b8692216
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD553ea206c8383a4ed299cbf21daf3315f
SHA1cc0259c4fc55b017e9cc2790b3e6b9cb4dcca7c2
SHA256946a77c1ebcdd4ed52e35f3c59bd08b5458a30c41329523f6b71c1ee6da05f87
SHA512fec96cbff7b5e372a2b43fdfc3024ad0c3c871605c57a1bd04986696f84b8a0c7df0ccfa1fa97878edaf13a64321a2db86006b76d014f0f582b421e5b8692216
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1ED8857B-490B-11ED-AECB-4A8324823CC0}.dat
Filesize5KB
MD5b15b25cd88ebc7e3d55216133a946883
SHA1bdb2baf2c639ad5ff7a7675f25caea48f607ae78
SHA256b89a337cd087eec5cdeb590288d36aa3105e6c276bff916bf6a9aef5a00ee507
SHA512a831096a4ffbb8bdfdeb79ae70881495d1ba176d28580ed5a0220cd394066292581da51daa23eb9af55794fdc767d2dd9570e2d1d68763b5bab354df0eb204c8
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1EE210CD-490B-11ED-AECB-4A8324823CC0}.dat
Filesize5KB
MD50b2c91963901391a6b3994dfd42da28f
SHA18044168df1893138df3effd3f11bc63949c37804
SHA256fb462217d5a505cbf4a81212ab2feb4a15bf85430a67dc94460b0e6100c1a57d
SHA5125b73598b8c91cdd438518e4e2c804dee15081293c6a1424f3e21a3313f36597545c72e13c438610e3b30486c966e2f6008d04d9c009b7571c5c90af5c37884da
-
Filesize
120KB
MD5186a45a9b3189fdb56d59479d6f5fa85
SHA18be5be86d5aba4b3e6f4af077a25bdc9d1de6610
SHA256bf449f575154998c7449749da4175c377aa6f617f82effc079c85dd5e7df8743
SHA512bcfa06d1084d889cd3b5b3f5f5941af1e0fcdec850213a00bba709545b8f20b1acdbd480b5bc038e5010fce3f4a8ce972a6cc1e00a5012921cdc6b663daac0b7
-
Filesize
120KB
MD5186a45a9b3189fdb56d59479d6f5fa85
SHA18be5be86d5aba4b3e6f4af077a25bdc9d1de6610
SHA256bf449f575154998c7449749da4175c377aa6f617f82effc079c85dd5e7df8743
SHA512bcfa06d1084d889cd3b5b3f5f5941af1e0fcdec850213a00bba709545b8f20b1acdbd480b5bc038e5010fce3f4a8ce972a6cc1e00a5012921cdc6b663daac0b7